Wendy's Could Be Latest In Long List Of Companies Affected By Credit Card Breaches

Another day, another report of a security breach, this latest one affecting Wendy's, a nationwide chain of fast food restaurants. Wendy's has hired a security firm to help investigate claims that someone hacked its systems, a decision the chain made after being alerted to potential credit card fraud tracing back to some of the chain's locations.

"We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations," Wendy's spokesperson Bob Bertini told KrebsOnSecurity. "Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts."


Wendy's is still gathering information at this early stage and doesn't have many details to share, such as exactly how long this might have been going on, whether or not the situation is contained, or how many stores might be involved. All Wendy's is really saying is that it's looking at incidents from late last year.

KrebsOnSecurity said that when it first heard reports from banking industry sources about possible fraud activity tracing back to Wendy's, it was mostly in the Midwest. Since the, it's been receiving reports from banks on the East Coast as well.

"The amount of transactions that take place during any given day makes restaurants an easy target for credit card hacks. POS systems have a lot of security vulnerabilities, making it very easy for hackers to steal credit card information," Dodi Glenn, VP of Cyber Security at PC Pitstop told HotHardware in an email.

There are over 6,500 Wendy's locations in the world. Glenn points out that many of those restaurants are franchised so the issue could be one of "best security practices for the owner."